Jonathan Mazon features in the IR Global & ACC collaboration Publication “A Jurisdictional Guide of how to Manage Risk in Multinationals”

QUESTION ONE – When representing a client with significant business activities in foreign jurisdictions, what are some key risk-related concerns that arise in a cross-border context and how can a parent company minimise such risk?

Whenever a client conducts business in multiple jurisdictions it is important to understand the types of risk that prevail in each country and how those may affect the client elsewhere in the world. For instance, a global consumer goods company headquartered in South America may suffer sanctions in the US and global reputational damage as a result of an isolated corruption case in a minority-owned joint-venture operation in Asia.

It is also important to understand whether exposure to the risks associated with each of those foreign jurisdictions is in line with the client’s risk appetite, how familiar the client organisation is with such risks, and whether the client’s risk management seems appropriate for each context. As there is no single solution that would work for all clients, risk management structures and compliance programmes also consider the client’s corporate culture, the resources available and other variables that end up making each solution unique.

To be effective with regard to the risks that can be addressed via compliance programmes or legal solutions, it is important to know that the client’s initiatives (1) are clearly linked to specific risks and are able to prevent violations (e.g. training); (2) expedite detection of violations (e.g. whistle-blower hotlines) while minimising its negative impacts on the organisation or (3) align corporate policies with laws, rules and regulations (e.g. code of conduct). From a broader management perspective, there must also be metrics and KPIs to track the effectiveness of initiatives that make up the client’s compliance programme.

By having a well-designed risk management structure and an effective global compliance programme, the parent company can take advantage of growth opportunities that arise in profitable but otherwise riskier geographies, while minimising risks of cross-border regulatory probes and sanctions in more regulated jurisdictions.

QUESTION TWO – What degree of control should a parent company have over its overseas subsidiaries? How does the degree of control impact the risk exposure level, and how can control issues be managed to minimise liability?

Again, when establishing what degree of control a parent company should have over its overseas subsidiaries, there is no single correct answer. It depends on critical variables such as the industry in which the client operates and the degree of political stability or regulatory maturity in the parent company and the subsidiaries’ respective jurisdictions. For instance, if the client operates in multiple jurisdictions within the European Union, the cost-effectiveness of a centralised approach may be more desirable, whereas the responsiveness of a decentralised approach may be more suitable if the client operates across several continents.

Risk exposure levels can be minimised by increasing the degree of control. For example, there was a European telecoms company that decided to enter a market in Asia where the rule of law had been recently re-established after decades of a military regime, endemic corruption, human rights violations and international sanctions. This company participated in an international tender and successfully bid for a major contract with the local government. By maintaining a high degree of control over its operation in that specific geography, the company was also able to find reputable local suppliers despite nearly 50% of all potential partners being US-sanctioned individuals.

In addition to this telecom company’s experience with other recently democratised countries in Asia and Eastern Europe, their risk-based approach to controls and robust compliance processes helped minimise liabilities due to known risks. When dealing with unknown risks, clear processes, good communication channels between the HQ and subsidiary and well-trained persons in place at both locations to ensure timely and effective responses are also key.

QUESTION THREE – What constitutes the right balance between risk and liability for a company and its overseas subsidiary? What examples can you give?

As not all risks can be mitigated, organisations should focus on actions that yield the most significant reduction in expected loss per amount of resources invested. The right balance between risk and liability depends on the organisation’s profile, context and risk appetite. For instance, if a company wants to set up an overseas subsidiary to pursue a relevant business opportunity in a high growth market that is also more susceptible to political turbulence, the parent company will likely want to ensure that it has processes in place to be able to deal effectively with its identified risks (i.e. those that are operational/preventable and those that are taken in order to obtain superior returns), as well as respond timely and effectively in the event of a crisis and/or unforeseen risk.

A good design involves a combination of three elements: a global crisis response policy, a local response team to carry out the policy, and a centralised unit to support or coordinate the local team, as necessary. This is based on the principle that a local crisis, issue or incident is usually best managed by those that are closer to it and more familiarised with the entire context and available solutions.

An extreme example of how the balance between risk and liability may impact a company and its overseas subsidiary is a case of ethnic violence that affected employees working in a rural site of a Kenyan subsidiary of a UK-based company.

A group of more than 200 affected individuals filed a lawsuit in the London High Court alleging that the company placed these minority tribes in a position of particular risk, as those individuals were brought in large numbers to live and work on the company’s rural unit, where they were surrounded by a tribe hostile to individuals of other ethnicities.

The parent company ended up being acquitted, as there was insufficient evidence of it being actively responsible for the alleged crisis management failings of its Kenyan subsidiary. Whereas, the subsidiary was found guilty as the court considered that it failed to exercise reasonable care and skill to protect their workers from the foreseeable risk of ethnic violence and was, therefore, negligent.

Key considerations for multinationals operating in highrisk industries and jurisdictions:

  • There is no “one size fits all” risk management solution. However, there are frameworks that will lead to risk management programmes that are more effective in dealing with risk in these scenarios.
  • Some key factors to be taken into account when designing a risk management programme for a multinational operating in these scenarios are: the client’s risk appetite, familiarity and experience in dealing with the risks associated with its activities in each industry and jurisdiction, and the balance between the cost-effectiveness of centralised controls and the responsiveness of decentralised controls.
  • Even leading companies and the best risk management programmes will fail from time to time. It is important to tailor each company’s risk management to cost-effectively avoid or eliminate the occurrence of preventable/operational risks, reduce the likelihood and impact of the risks taken in order to obtain superior returns and reduce the impact should an uncontrollable risk event occur.

To read the full publication, please click here.